Over half of organizations are struggling to protect their workloads, claiming the maturity of their security posture can’t keep up with the rapid pace of cloud adoption, according to Symantec.
The security giant polled 1250 IT decision-makers in 11 countries worldwide to compile its 2019 Cloud Security Threat Report.
It revealed that while 53% of enterprise workloads have now been migrated to the cloud, a similar percentage of organizations (54%) are struggling to keep pace with the expansion of cloud apps.
Most (93%) said they are having trouble keeping track of workloads and estimated that more than a third of files in the cloud shouldn’t be there.
Some 83% claimed they don’t have the right processes in place to effectively manage security incidents, meaning a quarter of alerts go unaddressed.
Nearly three-quarters (73%) said they’ve experienced an incident because their cloud security isn’t mature enough – i.e. they lack controls like encryption and multi-factor authentication (MFA) and are poorly configured. Some 65% of organizations failed to implement MFA in IaaS environments and 80% don’t use encryption, according to the report.
As a result, they face an increased risk of insider threats – ranked by respondents as the third biggest threat to cloud infrastructure.
Nico Popp, Symantec’s senior vice-president of cloud & information protection, explained that 69% of responding organizations believe their data is already on the dark web for sale and fear an increased risk of data breaches because of their cloud migration.
“The adoption of new technology has almost always led to gaps in security, but we’ve found the gap created by cloud computing poses a greater risk than we realize, given the troves of sensitive and business-critical data stored in the cloud,” he added.
“Data breaches can have a clear impact on enterprises’ bottom line, and security teams are desperate to prevent them. However, it’s not the underlying cloud technology that has exacerbated the data breach problem – it’s the immature security practices, overtaxed IT staff and risky end-user behavior surrounding cloud adoption.”